Details of VAR-202202-0452

ID

VAR-202202-0452

CVE

CVE-2022-21205

TITLE

Intel(R) Quartus(R) Prime Pro Edition In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-005076

DESCRIPTION

Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) Quartus(R) Prime Pro Edition for, XML There is a vulnerability in an external entity.Information may be obtained. Both Intel Quartus Prime Pro and Intel Quartus Prime are products of Intel Corporation of the United States. Intel Quartus Prime Pro is a multi-platform design environment. This product is mainly used for programmable logic device programming. Intel Quartus Prime is a programmable logic device tool for designing and developing FPGAs. An attacker could exploit this vulnerability to cause privilege escalation, denial of service, or information disclosure

Trust: 1.8

sources: NVD: CVE-2022-21205 // JVNDB: JVNDB-2022-005076 // VULHUB: VHN-406851 // VULMON: CVE-2022-21205

AFFECTED PRODUCTS

vendor:	intel	model:	quartus prime	scope:	lt	version:	21.3	Trust: 1.0
vendor:	インテル	model:	intel quartus prime pro	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel quartus prime pro	scope:	eq	version:	21.3	Trust: 0.8

sources: JVNDB: JVNDB-2022-005076 // NVD: CVE-2022-21205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21205
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-21205
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-21205
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202202-758
value:	HIGH
Trust: 0.6
VULHUB:	VHN-406851
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-21205
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-21205
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-406851
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-21205
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-21205
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-406851 // VULMON: CVE-2022-21205 // JVNDB: JVNDB-2022-005076 // CNNVD: CNNVD-202202-758 // NVD: CVE-2022-21205 // NVD: CVE-2022-21205

PROBLEMTYPE DATA

problemtype:	CWE-611	Trust: 1.1
problemtype:	XML Improper restriction of external entity references (CWE-611) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-406851 // JVNDB: JVNDB-2022-005076 // NVD: CVE-2022-21205

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-758

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202202-758

PATCH

title:	INTEL-SA-00632	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00632.html	Trust: 0.8
title:	Intel Quartus Prime Pro Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182191	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-21205 // JVNDB: JVNDB-2022-005076 // CNNVD: CNNVD-202202-758

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21205	Trust: 3.4
db:	JVN	id:	JVNVU99045838	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-005076	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-758	Trust: 0.7
db:	CS-HELP	id:	SB2022020912	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0546	Trust: 0.6
db:	VULHUB	id:	VHN-406851	Trust: 0.1
db:	VULMON	id:	CVE-2022-21205	Trust: 0.1

sources: VULHUB: VHN-406851 // VULMON: CVE-2022-21205 // JVNDB: JVNDB-2022-005076 // CNNVD: CNNVD-202202-758 // NVD: CVE-2022-21205

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00632.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21205	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu99045838/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022020912	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0546	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/611.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-406851 // VULMON: CVE-2022-21205 // JVNDB: JVNDB-2022-005076 // CNNVD: CNNVD-202202-758 // NVD: CVE-2022-21205

SOURCES

db:	VULHUB	id:	VHN-406851
db:	VULMON	id:	CVE-2022-21205
db:	JVNDB	id:	JVNDB-2022-005076
db:	CNNVD	id:	CNNVD-202202-758
db:	NVD	id:	CVE-2022-21205

LAST UPDATE DATE

2025-05-07T22:34:41.950000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-406851	date:	2022-02-15T00:00:00
db:	VULMON	id:	CVE-2022-21205	date:	2022-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-005076	date:	2023-05-17T07:30:00
db:	CNNVD	id:	CNNVD-202202-758	date:	2022-02-22T00:00:00
db:	NVD	id:	CVE-2022-21205	date:	2025-05-05T17:17:44.337

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-406851	date:	2022-02-09T00:00:00
db:	VULMON	id:	CVE-2022-21205	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005076	date:	2023-05-17T00:00:00
db:	CNNVD	id:	CNNVD-202202-758	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2022-21205	date:	2022-02-09T23:15:18.077